projects / platform / framework / web / crosswalk.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Upstream version 7.36.149.0
[platform/framework/web/crosswalk.git] / src / extensions / common / permissions / permissions_data_unittest.cc
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <vector>
6
7 #include "base/command_line.h"
8 #include "base/memory/ref_counted.h"
9 #include "base/strings/string16.h"
10 #include "base/strings/utf_string_conversions.h"
11 #include "chrome/common/chrome_version_info.h"
12 #include "chrome/common/extensions/extension_test_util.h"
13 #include "chrome/common/extensions/features/feature_channel.h"
14 #include "content/public/common/socket_permission_request.h"
15 #include "extensions/common/error_utils.h"
16 #include "extensions/common/extension.h"
17 #include "extensions/common/id_util.h"
18 #include "extensions/common/manifest_constants.h"
19 #include "extensions/common/permissions/api_permission.h"
20 #include "extensions/common/permissions/permission_set.h"
21 #include "extensions/common/permissions/permissions_data.h"
22 #include "extensions/common/permissions/socket_permission.h"
23 #include "extensions/common/switches.h"
24 #include "extensions/common/url_pattern_set.h"
25 #include "testing/gtest/include/gtest/gtest.h"
26
27 using base::UTF16ToUTF8;
28 using content::SocketPermissionRequest;
29 using extension_test_util::LoadManifest;
30 using extension_test_util::LoadManifestUnchecked;
31 using extension_test_util::LoadManifestStrict;
32
33 namespace extensions {
34
35 namespace {
36
37 bool CheckSocketPermission(
38     scoped_refptr<Extension> extension,
39     SocketPermissionRequest::OperationType type,
40     const char* host,
41     int port) {
42   SocketPermission::CheckParam param(type, host, port);
43   return PermissionsData::CheckAPIPermissionWithParam(
44       extension.get(), APIPermission::kSocket, &param);
45 }
46
47 }  // namespace
48
49 TEST(ExtensionPermissionsTest, EffectiveHostPermissions) {
50   scoped_refptr<Extension> extension;
51   URLPatternSet hosts;
52
53   extension = LoadManifest("effective_host_permissions", "empty.json");
54   EXPECT_EQ(0u,
55             PermissionsData::GetEffectiveHostPermissions(extension.get())
56                 .patterns().size());
57   EXPECT_FALSE(hosts.MatchesURL(GURL("http://www.google.com")));
58   EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
59
60   extension = LoadManifest("effective_host_permissions", "one_host.json");
61   hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
62   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
63   EXPECT_FALSE(hosts.MatchesURL(GURL("https://www.google.com")));
64   EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
65
66   extension = LoadManifest("effective_host_permissions",
67                            "one_host_wildcard.json");
68   hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
69   EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
70   EXPECT_TRUE(hosts.MatchesURL(GURL("http://foo.google.com")));
71   EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
72
73   extension = LoadManifest("effective_host_permissions", "two_hosts.json");
74   hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
75   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
76   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
77   EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
78
79   extension = LoadManifest("effective_host_permissions",
80                            "https_not_considered.json");
81   hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
82   EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
83   EXPECT_TRUE(hosts.MatchesURL(GURL("https://google.com")));
84   EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
85
86   extension = LoadManifest("effective_host_permissions",
87                            "two_content_scripts.json");
88   hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
89   EXPECT_TRUE(hosts.MatchesURL(GURL("http://google.com")));
90   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.reddit.com")));
91   EXPECT_TRUE(extension->GetActivePermissions()->HasEffectiveAccessToURL(
92       GURL("http://www.reddit.com")));
93   EXPECT_TRUE(hosts.MatchesURL(GURL("http://news.ycombinator.com")));
94   EXPECT_TRUE(extension->GetActivePermissions()->HasEffectiveAccessToURL(
95       GURL("http://news.ycombinator.com")));
96   EXPECT_FALSE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
97
98   extension = LoadManifest("effective_host_permissions", "all_hosts.json");
99   hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
100   EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
101   EXPECT_FALSE(hosts.MatchesURL(GURL("https://test/")));
102   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
103   EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
104
105   extension = LoadManifest("effective_host_permissions", "all_hosts2.json");
106   hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
107   EXPECT_TRUE(hosts.MatchesURL(GURL("http://test/")));
108   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
109   EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
110
111   extension = LoadManifest("effective_host_permissions", "all_hosts3.json");
112   hosts = PermissionsData::GetEffectiveHostPermissions(extension.get());
113   EXPECT_FALSE(hosts.MatchesURL(GURL("http://test/")));
114   EXPECT_TRUE(hosts.MatchesURL(GURL("https://test/")));
115   EXPECT_TRUE(hosts.MatchesURL(GURL("http://www.google.com")));
116   EXPECT_TRUE(PermissionsData::HasEffectiveAccessToAllHosts(extension.get()));
117 }
118
119 TEST(ExtensionPermissionsTest, SocketPermissions) {
120   // Set feature current channel to appropriate value.
121   ScopedCurrentChannel scoped_channel(chrome::VersionInfo::CHANNEL_DEV);
122   scoped_refptr<Extension> extension;
123   std::string error;
124
125   extension = LoadManifest("socket_permissions", "empty.json");
126   EXPECT_FALSE(CheckSocketPermission(extension,
127       SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
128
129   extension = LoadManifestUnchecked("socket_permissions",
130                                     "socket1.json",
131                                     Manifest::INTERNAL, Extension::NO_FLAGS,
132                                     &error);
133   EXPECT_TRUE(extension.get() == NULL);
134   std::string expected_error_msg_header = ErrorUtils::FormatErrorMessage(
135       manifest_errors::kInvalidPermissionWithDetail,
136       "socket",
137       "NULL or empty permission list");
138   EXPECT_EQ(expected_error_msg_header, error);
139
140   extension = LoadManifest("socket_permissions", "socket2.json");
141   EXPECT_TRUE(CheckSocketPermission(extension,
142       SocketPermissionRequest::TCP_CONNECT, "www.example.com", 80));
143   EXPECT_FALSE(CheckSocketPermission(
144         extension, SocketPermissionRequest::UDP_BIND, "", 80));
145   EXPECT_TRUE(CheckSocketPermission(
146         extension, SocketPermissionRequest::UDP_BIND, "", 8888));
147
148   EXPECT_FALSE(CheckSocketPermission(
149         extension, SocketPermissionRequest::UDP_SEND_TO, "example.com", 1900));
150   EXPECT_TRUE(CheckSocketPermission(
151         extension,
152         SocketPermissionRequest::UDP_SEND_TO,
153         "239.255.255.250", 1900));
154 }
155
156 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyAPIPermissions) {
157   scoped_refptr<Extension> extension;
158   extension = LoadManifest("permissions", "many-apis.json");
159   std::vector<base::string16> warnings =
160       PermissionsData::GetPermissionMessageStrings(extension.get());
161   // Warning for "tabs" is suppressed by "history" permission.
162   ASSERT_EQ(5u, warnings.size());
163   EXPECT_EQ("Access your data on api.flickr.com",
164             UTF16ToUTF8(warnings[0]));
165   EXPECT_EQ("Read and modify your bookmarks", UTF16ToUTF8(warnings[1]));
166   EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[2]));
167   EXPECT_EQ("Read and modify your browsing history", UTF16ToUTF8(warnings[3]));
168   EXPECT_EQ("Manage your apps, extensions, and themes",
169             UTF16ToUTF8(warnings[4]));
170 }
171
172 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHostsPermissions) {
173   scoped_refptr<Extension> extension;
174   extension = LoadManifest("permissions", "more-than-3-hosts.json");
175   std::vector<base::string16> warnings =
176       PermissionsData::GetPermissionMessageStrings(extension.get());
177   std::vector<base::string16> warnings_details =
178       PermissionsData::GetPermissionMessageDetailsStrings(extension.get());
179   ASSERT_EQ(1u, warnings.size());
180   ASSERT_EQ(1u, warnings_details.size());
181   EXPECT_EQ("Access your data on 5 websites", UTF16ToUTF8(warnings[0]));
182   EXPECT_EQ("- www.a.com\n- www.b.com\n- www.c.com\n- www.d.com\n- www.e.com",
183             UTF16ToUTF8(warnings_details[0]));
184 }
185
186 TEST(ExtensionPermissionsTest, GetPermissionMessages_LocationApiPermission) {
187   scoped_refptr<Extension> extension;
188   extension = LoadManifest("permissions",
189                            "location-api.json",
190                            Manifest::COMPONENT,
191                            Extension::NO_FLAGS);
192   std::vector<base::string16> warnings =
193       PermissionsData::GetPermissionMessageStrings(extension.get());
194   ASSERT_EQ(1u, warnings.size());
195   EXPECT_EQ("Detect your physical location", UTF16ToUTF8(warnings[0]));
196 }
197
198 TEST(ExtensionPermissionsTest, GetPermissionMessages_ManyHosts) {
199   scoped_refptr<Extension> extension;
200   extension = LoadManifest("permissions", "many-hosts.json");
201   std::vector<base::string16> warnings =
202       PermissionsData::GetPermissionMessageStrings(extension.get());
203   ASSERT_EQ(1u, warnings.size());
204   EXPECT_EQ("Access your data on encrypted.google.com and www.google.com",
205             UTF16ToUTF8(warnings[0]));
206 }
207
208 TEST(ExtensionPermissionsTest, GetPermissionMessages_Plugins) {
209   scoped_refptr<Extension> extension;
210   extension = LoadManifest("permissions", "plugins.json");
211   std::vector<base::string16> warnings =
212       PermissionsData::GetPermissionMessageStrings(extension.get());
213 // We don't parse the plugins key on Chrome OS, so it should not ask for any
214 // permissions.
215 #if defined(OS_CHROMEOS)
216   ASSERT_EQ(0u, warnings.size());
217 #else
218   ASSERT_EQ(1u, warnings.size());
219   EXPECT_EQ("Access all data on your computer and the websites you visit",
220             UTF16ToUTF8(warnings[0]));
221 #endif
222 }
223
224 // Base class for testing the CanExecuteScriptOnPage and CanCaptureVisiblePage
225 // methods of Extension for extensions with various permissions.
226 class ExtensionScriptAndCaptureVisibleTest : public testing::Test {
227  protected:
228   ExtensionScriptAndCaptureVisibleTest()
229       : http_url("http://www.google.com"),
230         http_url_with_path("http://www.google.com/index.html"),
231         https_url("https://www.google.com"),
232         file_url("file:///foo/bar"),
233         favicon_url("chrome://favicon/http://www.google.com"),
234         extension_url("chrome-extension://" +
235             id_util::GenerateIdForPath(
236                 base::FilePath(FILE_PATH_LITERAL("foo")))),
237         settings_url("chrome://settings"),
238         about_url("about:flags") {
239     urls_.insert(http_url);
240     urls_.insert(http_url_with_path);
241     urls_.insert(https_url);
242     urls_.insert(file_url);
243     urls_.insert(favicon_url);
244     urls_.insert(extension_url);
245     urls_.insert(settings_url);
246     urls_.insert(about_url);
247     // Ignore the policy delegate for this test.
248     PermissionsData::SetPolicyDelegate(NULL);
249   }
250
251   bool AllowedScript(const Extension* extension, const GURL& url,
252                      const GURL& top_url) {
253     return AllowedScript(extension, url, top_url, -1);
254   }
255
256   bool AllowedScript(const Extension* extension, const GURL& url,
257                      const GURL& top_url, int tab_id) {
258     return PermissionsData::CanExecuteScriptOnPage(
259         extension, url, top_url, tab_id, NULL, -1, NULL);
260   }
261
262   bool BlockedScript(const Extension* extension, const GURL& url,
263                      const GURL& top_url) {
264     return !PermissionsData::CanExecuteScriptOnPage(
265         extension, url, top_url, -1, NULL, -1, NULL);
266   }
267
268   bool Allowed(const Extension* extension, const GURL& url) {
269     return Allowed(extension, url, -1);
270   }
271
272   bool Allowed(const Extension* extension, const GURL& url, int tab_id) {
273     return (PermissionsData::CanExecuteScriptOnPage(
274                 extension, url, url, tab_id, NULL, -1, NULL) &&
275             PermissionsData::CanCaptureVisiblePage(
276                 extension, tab_id, NULL));
277   }
278
279   bool CaptureOnly(const Extension* extension, const GURL& url) {
280     return CaptureOnly(extension, url, -1);
281   }
282
283   bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) {
284     return !PermissionsData::CanExecuteScriptOnPage(
285                 extension, url, url, tab_id, NULL, -1, NULL) &&
286            PermissionsData::CanCaptureVisiblePage(extension, tab_id, NULL);
287   }
288
289   bool ScriptOnly(const Extension* extension, const GURL& url,
290                   const GURL& top_url) {
291     return ScriptOnly(extension, url, top_url, -1);
292   }
293
294   bool ScriptOnly(const Extension* extension, const GURL& url,
295                   const GURL& top_url, int tab_id) {
296     return AllowedScript(extension, url, top_url, tab_id) &&
297         !PermissionsData::CanCaptureVisiblePage(extension, tab_id, NULL);
298   }
299
300   bool Blocked(const Extension* extension, const GURL& url) {
301     return Blocked(extension, url, -1);
302   }
303
304   bool Blocked(const Extension* extension, const GURL& url, int tab_id) {
305     return !(PermissionsData::CanExecuteScriptOnPage(
306                  extension, url, url, tab_id, NULL, -1, NULL) ||
307              PermissionsData::CanCaptureVisiblePage(
308                  extension, tab_id, NULL));
309   }
310
311   bool ScriptAllowedExclusivelyOnTab(
312       const Extension* extension,
313       const std::set<GURL>& allowed_urls,
314       int tab_id) {
315     bool result = true;
316     for (std::set<GURL>::iterator it = urls_.begin(); it != urls_.end(); ++it) {
317       const GURL& url = *it;
318       if (allowed_urls.count(url))
319         result &= AllowedScript(extension, url, url, tab_id);
320       else
321         result &= Blocked(extension, url, tab_id);
322     }
323     return result;
324   }
325
326   // URLs that are "safe" to provide scripting and capture visible tab access
327   // to if the permissions allow it.
328   const GURL http_url;
329   const GURL http_url_with_path;
330   const GURL https_url;
331   const GURL file_url;
332
333   // We should allow host permission but not scripting permission for favicon
334   // urls.
335   const GURL favicon_url;
336
337   // URLs that regular extensions should never get access to.
338   const GURL extension_url;
339   const GURL settings_url;
340   const GURL about_url;
341
342  private:
343   // The set of all URLs above.
344   std::set<GURL> urls_;
345 };
346
347 TEST_F(ExtensionScriptAndCaptureVisibleTest, Permissions) {
348   // Test <all_urls> for regular extensions.
349   scoped_refptr<Extension> extension = LoadManifestStrict("script_and_capture",
350       "extension_regular_all.json");
351
352   EXPECT_TRUE(Allowed(extension.get(), http_url));
353   EXPECT_TRUE(Allowed(extension.get(), https_url));
354   EXPECT_TRUE(CaptureOnly(extension.get(), file_url));
355   EXPECT_TRUE(CaptureOnly(extension.get(), settings_url));
356   EXPECT_TRUE(CaptureOnly(extension.get(), favicon_url));
357   EXPECT_TRUE(CaptureOnly(extension.get(), about_url));
358   EXPECT_TRUE(CaptureOnly(extension.get(), extension_url));
359
360   // Test access to iframed content.
361   GURL within_extension_url = extension->GetResourceURL("page.html");
362   EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path));
363   EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path));
364   EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url));
365   EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url));
366   EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url));
367   EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url));
368
369   EXPECT_FALSE(
370       PermissionsData::HasHostPermission(extension.get(), settings_url));
371   EXPECT_FALSE(PermissionsData::HasHostPermission(extension.get(), about_url));
372   EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
373
374   // Test * for scheme, which implies just the http/https schemes.
375   extension = LoadManifestStrict("script_and_capture",
376       "extension_wildcard.json");
377   EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
378   EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url));
379   EXPECT_TRUE(Blocked(extension.get(), settings_url));
380   EXPECT_TRUE(Blocked(extension.get(), about_url));
381   EXPECT_TRUE(Blocked(extension.get(), file_url));
382   EXPECT_TRUE(Blocked(extension.get(), favicon_url));
383   extension =
384       LoadManifest("script_and_capture", "extension_wildcard_settings.json");
385   EXPECT_TRUE(Blocked(extension.get(), settings_url));
386
387   // Having chrome://*/ should not work for regular extensions. Note that
388   // for favicon access, we require the explicit pattern chrome://favicon/*.
389   std::string error;
390   extension = LoadManifestUnchecked("script_and_capture",
391                                     "extension_wildcard_chrome.json",
392                                     Manifest::INTERNAL, Extension::NO_FLAGS,
393                                     &error);
394   std::vector<InstallWarning> warnings = extension->install_warnings();
395   EXPECT_FALSE(warnings.empty());
396   EXPECT_EQ(ErrorUtils::FormatErrorMessage(
397                 manifest_errors::kInvalidPermissionScheme,
398                 "chrome://*/"),
399             warnings[0].message);
400   EXPECT_TRUE(Blocked(extension.get(), settings_url));
401   EXPECT_TRUE(Blocked(extension.get(), favicon_url));
402   EXPECT_TRUE(Blocked(extension.get(), about_url));
403
404   // Having chrome://favicon/* should not give you chrome://*
405   extension = LoadManifestStrict("script_and_capture",
406       "extension_chrome_favicon_wildcard.json");
407   EXPECT_TRUE(Blocked(extension.get(), settings_url));
408   EXPECT_TRUE(Blocked(extension.get(), favicon_url));
409   EXPECT_TRUE(Blocked(extension.get(), about_url));
410   EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
411
412   // Having http://favicon should not give you chrome://favicon
413   extension = LoadManifestStrict("script_and_capture",
414       "extension_http_favicon.json");
415   EXPECT_TRUE(Blocked(extension.get(), settings_url));
416   EXPECT_TRUE(Blocked(extension.get(), favicon_url));
417
418   // Component extensions with <all_urls> should get everything.
419   extension = LoadManifest("script_and_capture", "extension_component_all.json",
420       Manifest::COMPONENT, Extension::NO_FLAGS);
421   EXPECT_TRUE(Allowed(extension.get(), http_url));
422   EXPECT_TRUE(Allowed(extension.get(), https_url));
423   EXPECT_TRUE(Allowed(extension.get(), settings_url));
424   EXPECT_TRUE(Allowed(extension.get(), about_url));
425   EXPECT_TRUE(Allowed(extension.get(), favicon_url));
426   EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
427
428   // Component extensions should only get access to what they ask for.
429   extension = LoadManifest("script_and_capture",
430       "extension_component_google.json", Manifest::COMPONENT,
431       Extension::NO_FLAGS);
432   EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
433   EXPECT_TRUE(Blocked(extension.get(), https_url));
434   EXPECT_TRUE(Blocked(extension.get(), file_url));
435   EXPECT_TRUE(Blocked(extension.get(), settings_url));
436   EXPECT_TRUE(Blocked(extension.get(), favicon_url));
437   EXPECT_TRUE(Blocked(extension.get(), about_url));
438   EXPECT_TRUE(Blocked(extension.get(), extension_url));
439   EXPECT_FALSE(
440       PermissionsData::HasHostPermission(extension.get(), settings_url));
441 }
442
443 TEST_F(ExtensionScriptAndCaptureVisibleTest, PermissionsWithChromeURLsEnabled) {
444   CommandLine::ForCurrentProcess()->AppendSwitch(
445       switches::kExtensionsOnChromeURLs);
446
447   scoped_refptr<Extension> extension;
448
449   // Test <all_urls> for regular extensions.
450   extension = LoadManifestStrict("script_and_capture",
451       "extension_regular_all.json");
452   EXPECT_TRUE(Allowed(extension.get(), http_url));
453   EXPECT_TRUE(Allowed(extension.get(), https_url));
454   EXPECT_TRUE(CaptureOnly(extension.get(), file_url));
455   EXPECT_TRUE(CaptureOnly(extension.get(), settings_url));
456   EXPECT_TRUE(Allowed(extension.get(), favicon_url));  // chrome:// requested
457   EXPECT_TRUE(CaptureOnly(extension.get(), about_url));
458   EXPECT_TRUE(CaptureOnly(extension.get(), extension_url));
459
460   // Test access to iframed content.
461   GURL within_extension_url = extension->GetResourceURL("page.html");
462   EXPECT_TRUE(AllowedScript(extension.get(), http_url, http_url_with_path));
463   EXPECT_TRUE(AllowedScript(extension.get(), https_url, http_url_with_path));
464   EXPECT_TRUE(AllowedScript(extension.get(), http_url, within_extension_url));
465   EXPECT_TRUE(AllowedScript(extension.get(), https_url, within_extension_url));
466   EXPECT_TRUE(BlockedScript(extension.get(), http_url, extension_url));
467   EXPECT_TRUE(BlockedScript(extension.get(), https_url, extension_url));
468
469   EXPECT_FALSE(
470       PermissionsData::HasHostPermission(extension.get(), settings_url));
471   EXPECT_FALSE(PermissionsData::HasHostPermission(extension.get(), about_url));
472   EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
473
474   // Test * for scheme, which implies just the http/https schemes.
475   extension = LoadManifestStrict("script_and_capture",
476       "extension_wildcard.json");
477   EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
478   EXPECT_TRUE(ScriptOnly(extension.get(), https_url, https_url));
479   EXPECT_TRUE(Blocked(extension.get(), settings_url));
480   EXPECT_TRUE(Blocked(extension.get(), about_url));
481   EXPECT_TRUE(Blocked(extension.get(), file_url));
482   EXPECT_TRUE(Blocked(extension.get(), favicon_url));
483   extension =
484       LoadManifest("script_and_capture", "extension_wildcard_settings.json");
485   EXPECT_TRUE(Blocked(extension.get(), settings_url));
486
487   // Having chrome://*/ should work for regular extensions with the flag
488   // enabled.
489   std::string error;
490   extension = LoadManifestUnchecked("script_and_capture",
491                                     "extension_wildcard_chrome.json",
492                                     Manifest::INTERNAL, Extension::NO_FLAGS,
493                                     &error);
494   EXPECT_FALSE(extension.get() == NULL);
495   EXPECT_TRUE(Blocked(extension.get(), http_url));
496   EXPECT_TRUE(Blocked(extension.get(), https_url));
497   EXPECT_TRUE(ScriptOnly(extension.get(), settings_url, settings_url));
498   EXPECT_TRUE(Blocked(extension.get(), about_url));
499   EXPECT_TRUE(Blocked(extension.get(), file_url));
500   EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url));
501
502   // Having chrome://favicon/* should not give you chrome://*
503   extension = LoadManifestStrict("script_and_capture",
504       "extension_chrome_favicon_wildcard.json");
505   EXPECT_TRUE(Blocked(extension.get(), settings_url));
506   EXPECT_TRUE(ScriptOnly(extension.get(), favicon_url, favicon_url));
507   EXPECT_TRUE(Blocked(extension.get(), about_url));
508   EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
509
510   // Having http://favicon should not give you chrome://favicon
511   extension = LoadManifestStrict("script_and_capture",
512       "extension_http_favicon.json");
513   EXPECT_TRUE(Blocked(extension.get(), settings_url));
514   EXPECT_TRUE(Blocked(extension.get(), favicon_url));
515
516   // Component extensions with <all_urls> should get everything.
517   extension = LoadManifest("script_and_capture", "extension_component_all.json",
518       Manifest::COMPONENT, Extension::NO_FLAGS);
519   EXPECT_TRUE(Allowed(extension.get(), http_url));
520   EXPECT_TRUE(Allowed(extension.get(), https_url));
521   EXPECT_TRUE(Allowed(extension.get(), settings_url));
522   EXPECT_TRUE(Allowed(extension.get(), about_url));
523   EXPECT_TRUE(Allowed(extension.get(), favicon_url));
524   EXPECT_TRUE(PermissionsData::HasHostPermission(extension.get(), favicon_url));
525
526   // Component extensions should only get access to what they ask for.
527   extension = LoadManifest("script_and_capture",
528       "extension_component_google.json", Manifest::COMPONENT,
529       Extension::NO_FLAGS);
530   EXPECT_TRUE(ScriptOnly(extension.get(), http_url, http_url));
531   EXPECT_TRUE(Blocked(extension.get(), https_url));
532   EXPECT_TRUE(Blocked(extension.get(), file_url));
533   EXPECT_TRUE(Blocked(extension.get(), settings_url));
534   EXPECT_TRUE(Blocked(extension.get(), favicon_url));
535   EXPECT_TRUE(Blocked(extension.get(), about_url));
536   EXPECT_TRUE(Blocked(extension.get(), extension_url));
537   EXPECT_FALSE(
538       PermissionsData::HasHostPermission(extension.get(), settings_url));
539 }
540
541 TEST_F(ExtensionScriptAndCaptureVisibleTest, TabSpecific) {
542   scoped_refptr<Extension> extension =
543       LoadManifestStrict("script_and_capture", "tab_specific.json");
544
545   EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0)
546                    .get());
547   EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 1)
548                    .get());
549   EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 2)
550                    .get());
551
552   std::set<GURL> no_urls;
553
554   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
555   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
556   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
557
558   URLPatternSet allowed_hosts;
559   allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
560                                       http_url.spec()));
561   std::set<GURL> allowed_urls;
562   allowed_urls.insert(http_url);
563   // http_url_with_path() will also be allowed, because Extension should be
564   // considering the security origin of the URL not the URL itself, and
565   // http_url is in allowed_hosts.
566   allowed_urls.insert(http_url_with_path);
567
568   {
569     scoped_refptr<PermissionSet> permissions(
570         new PermissionSet(APIPermissionSet(), ManifestPermissionSet(),
571                           allowed_hosts, URLPatternSet()));
572     PermissionsData::UpdateTabSpecificPermissions(
573         extension.get(), 0, permissions);
574     EXPECT_EQ(permissions->explicit_hosts(),
575               PermissionsData::GetTabSpecificPermissions(extension.get(), 0)
576                   ->explicit_hosts());
577   }
578
579   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), allowed_urls, 0));
580   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
581   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
582
583   PermissionsData::ClearTabSpecificPermissions(extension.get(), 0);
584   EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0)
585                    .get());
586
587   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
588   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
589   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
590
591   std::set<GURL> more_allowed_urls = allowed_urls;
592   more_allowed_urls.insert(https_url);
593   URLPatternSet more_allowed_hosts = allowed_hosts;
594   more_allowed_hosts.AddPattern(URLPattern(URLPattern::SCHEME_ALL,
595                                            https_url.spec()));
596
597   {
598     scoped_refptr<PermissionSet> permissions(
599         new PermissionSet(APIPermissionSet(),  ManifestPermissionSet(),
600                           allowed_hosts, URLPatternSet()));
601     PermissionsData::UpdateTabSpecificPermissions(
602         extension.get(), 0, permissions);
603     EXPECT_EQ(permissions->explicit_hosts(),
604               PermissionsData::GetTabSpecificPermissions(extension.get(), 0)
605                   ->explicit_hosts());
606
607     permissions = new PermissionSet(APIPermissionSet(),
608                                     ManifestPermissionSet(),
609                                     more_allowed_hosts,
610                                     URLPatternSet());
611     PermissionsData::UpdateTabSpecificPermissions(
612         extension.get(), 1, permissions);
613     EXPECT_EQ(permissions->explicit_hosts(),
614               PermissionsData::GetTabSpecificPermissions(extension.get(), 1)
615                   ->explicit_hosts());
616   }
617
618   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), allowed_urls, 0));
619   EXPECT_TRUE(
620       ScriptAllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1));
621   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
622
623   PermissionsData::ClearTabSpecificPermissions(extension.get(), 0);
624   EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 0)
625                    .get());
626
627   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
628   EXPECT_TRUE(
629       ScriptAllowedExclusivelyOnTab(extension.get(), more_allowed_urls, 1));
630   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
631
632   PermissionsData::ClearTabSpecificPermissions(extension.get(), 1);
633   EXPECT_FALSE(PermissionsData::GetTabSpecificPermissions(extension.get(), 1)
634                    .get());
635
636   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 0));
637   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 1));
638   EXPECT_TRUE(ScriptAllowedExclusivelyOnTab(extension.get(), no_urls, 2));
639 }
640
641 }  // namespace extensions
Domain: Web Framework / Uncategorized;